<?php

require dirname(dirname(__FILE__)) . '/includes/common_head.php';

$smarty->template_dir = $app_root . '/admin/backend/templates';
$smarty->compile_id   = $app_root . '/admin/backend/templates';

/*
 * Initialise the paging session var, and remove the filter/page if it's 
 * not an AJAX request.
 *
 */
$path_string = join('/', array_slice($path, 0, 2));
$smarty->assign('path_string', $path_string);
if (!isset($_SESSION['paging'][$path_string])) $_SESSION['paging'][$path_string] = array('show' => 20, 'order' => 'id', 'page' => 1);
if (isset($_REQUEST['paging'])) {
	foreach($_REQUEST['paging'] as $key => $val) {
		$_SESSION['paging'][$path_string][$key] = $val;
	}
}
if (isset($_SESSION['paging'][$path_string]['tags'])) {
	if (!is_array($_SESSION['paging'][$path_string]['tags'])) $_SESSION['paging'][$path_string]['tags'] = array_unique(explode(';', trim($_SESSION['paging'][$path_string]['tags'], ';')));
	if (isset($_SESSION['paging'][$path_string]['tags'][0]) and !$_SESSION['paging'][$path_string]['tags'][0]) $_SESSION['paging'][$path_string]['tags'] = array();
} else {
	$_SESSION['paging'][$path_string]['tags'] = array();
}

/*
 * 
 *
 */
require $app_root . $site['home_dir'] . '/navigation.php';
foreach ($navigation as $section => $links) {
	foreach ($links as $name => $link) {
		if (preg_match('/^' . preg_quote($link['path'], '/') . '/', implode('/', $path))) {
			$navigation[$section][$name]['selected'] = true;
		}
	}
}
$smarty->assign('navigation', $navigation);

/*
 * If it's not already set, initialise the messages array in the
 * session.
 *
 */
if (!isset($_SESSION['messages'])) {
	$_SESSION['messages'] = array();
}

for($i=count($path);$i>0;$i--) {
	if (file_exists(str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php')))) {
		$logger->debug(str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php')));
		$handler = str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php'));
		break;
	} elseif (file_exists(str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php'))) {
		$logger->debug(str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php'));
		$handler = str_replace('//', '/', $app_root . $site['home_dir'] . '/admin-custom/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php');
		break;
	} elseif (file_exists(str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php')))) {
		$logger->debug(str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php')));
		$handler = str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i)) . '/index.php'));
		break;
	} elseif (file_exists(str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php'))) {
		$logger->debug(str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php'));
		$handler = str_replace('//', '/', $app_root . '/admin/backend/' . escapeshellcmd(join('/', array_slice($path, 0, $i-1))) . '/' . $path[$i-1] . '.php');
		break;
	}
}

// if it's the login or timeout page, or the user is logged in and has a user_type above 0
if ($path[0] == 'login' or $path[0] == 'timeout' or (isset($_SESSION['login']) and ($_SESSION['login']['user']['user_type'] > 0))) {
	if (isset($handler)) {
		// if it's the login or timeout page, or if the logged in user is the superuser, or has access rights
		if ($path[0] == 'login' or $path[0] == 'timeout' or (isset($_SESSION['login']['user']['user_type']) and ($_SESSION['login']['user']['user_type'] == 2 or ($_SESSION['login']['user']['user_type'] == 1 and (isset($_SESSION['login']['user']['access_rights'][$path[0].(isset($path[1]) ? '/'.$path[1] : '')]) and $_SESSION['login']['user']['access_rights'][$path[0].(isset($path[1]) ? '/'.$path[1] : '')] == 1) or $path[0] == '')))) {
			require $handler;
		} else {
			$smarty->display('access_denied.tpl.html');
		}
	} else {
		header("HTTP/1.0 404 Not Found");
		$smarty->display('404.tpl.html');
	}
} else {
	header("Location: /admin/login/?page=" . urlencode($_SERVER['REQUEST_URI']));
}

/*
 * If we haven't set a Location header by this point, then the chances 
 * are we've displayed a page, so any waiting messages will have been 
 * shown.  So wipe the messages array.
 *
 */
if (!preg_match("/^Location:/m", join("\n", headers_list()))) {
	unset($_SESSION['messages']);
}

require dirname(dirname(__FILE__)) . '/includes/common_foot.php';
